Subject: Re: [PATCH V4 05/18] iommu/ioasid: Redefine IOASID set and allocation APIs
From: Jason Wang
Date: Tue, 6 Apr 2021 09:35:17 +0800
To: Jason Gunthorpe, "Tian, Kevin"
Cc: Jacob Pan, Jean-Philippe Brucker, LKML, Joerg Roedel, Lu Baolu, David Woodhouse, "iommu@lists.linux-foundation.org", "cgroups@vger.kernel.org", Tejun Heo, Li Zefan, Johannes Weiner, Jean-Philippe Brucker, Alex Williamson, Eric Auger, Jonathan Corbet, "Raj, Ashok", "Liu, Yi L", "Wu, Hao", "Jiang, Dave"
In-Reply-To: <20210405234230.GF7405@nvidia.com>

On 2021/4/6 7:42 AM, Jason Gunthorpe wrote:
> On Fri, Apr 02, 2021 at 08:22:28AM +0000, Tian, Kevin wrote:
>>> From: Jason Gunthorpe
>>> Sent: Tuesday, March 30, 2021 9:29 PM
>>>
>>>> First, userspace may use ioasid in a non-SVA scenario where ioasid is
>>>> bound to specific security context (e.g. a control vq in vDPA) instead of
>>>> tying to mm. In this case there is no pgtable binding initiated from user
>>>> space. Instead, ioasid is allocated from /dev/ioasid and then programmed
>>>> to the intended security context through specific passthrough framework
>>>> which manages that context.
>>> This sounds like the exact opposite of what I'd like to see.
>>>
>>> I do not want to see every subsystem gaining APIs to program a
>>> PASID. All of that should be consolidated in *one place*.
>>>
>>> I do not want to see VDPA and VFIO have two nearly identical sets of
>>> APIs to control the PASID.
>>>
>>> Drivers consuming a PASID, like VDPA, should consume the PASID and do
>>> nothing more than authorize the HW to use it.
>>>
>>> qemu should have general code under the viommu driver that drives
>>> /dev/ioasid to create PASID's and manage the IO mapping according to
>>> the guest's needs.
>>>
>>> Drivers like VDPA and VFIO should simply accept that PASID and
>>> configure/authorize their HW to do DMA's with its tag.
>>>
>> I agree with you on consolidating things in one place (especially for the
>> general SVA support). But here I was referring to a usage without
>> pgtable binding (Possibly Jason. W can say more here), where the
>> userspace just wants to allocate PASIDs, program/accept PASIDs to
>> various workqueues (device specific), and then use MAP/UNMAP
>> interface to manage address spaces associated with each PASID.
>> I just wanted to point out that the latter two steps are through
>> VFIO/VDPA specific interfaces.
> No, don't do that.
>
> VFIO and VDPA have no business having map/unmap interfaces once we have
> /dev/ioasid. That all belongs in the ioasid side.
>
> I know they have those interfaces today, but that doesn't mean we have
> to keep using them for PASID use cases, they should be replaced with a
> 'do dma from this pasid on /dev/ioasid' interface certainly not a
> 'here is a pasid from /dev/ioasid, go ahead and configure it yourself'
> interface

So it looks like the PASID was bound to SVA in this design. I think it's
not necessarily the case:

1) PASID can be implemented without SVA, in this case a map/unmap
interface is still required
2) For the case where the hypervisor wants to do some mediation in the
middle for a virtqueue, e.g. in the case of a control vq that is
implemented in the VF/ADI/SF itself, the hardware virtqueue needs to be
controlled by Qemu. Though binding qemu's page table to cvq can work, it
looks like overkill; a small dedicated buffer that is mapped for this
PASID seems more suitable.

>
> This is because PASID is *complicated* in the general case! For
> instance all the two level stuff you are talking about must not leak
> into every user!
>
> Jason

So do you mean the device should not expose the PASID configuration API
to the guest? I think it could happen if we assign the whole device and
let the guest configure it for nested VMs.

Thanks